If you’re a KeyServer administrator–or interested in becoming one–and you’re attending LabMan 2018, you’re invited to join us for two training and information sessions we’re hosting this year. One is a pre-conference session on Tuesday, May 22nd, and the other is a break-out session on the 23rd featuring a live demonstration of lab maps in KeyServer, with Gene Mayro, an administrator from Temple University. Here are the details:

SAM Roundtables presented by Sassafras Software (Pre-conference)
Tuesday, May 22, 2018, 8:30 a.m. – 2:30 p.m.
The University of Maryland, College Park
(The day before Labman 2018)

As our phones get smarter, and more of our communication happens digitally, we have come to expect that we can access any and all data directly from our phones. Collaborative learning spaces are terrific, but only if we can immediately access the productivity tools required to get the job done. So, what happens when a group of students arrives at a computer lab only to discover that all the computers are occupied?

The expensive “solution” to this problem is to buy enough software to install everywhere, and buy enough computers to make labs larger than they need to be, guaranteeing constant availability. But imagine if students could easily track down open computers and software availability—anywhere on campus—right from their phones? What if they could check operating hours and see a demand forecast for each lab, allowing them to avoid the availability problem altogether?

KeyServer’s mobile-friendly Computer Lab Availability Maps, which can be embedded on any university webpage, are designed to provide all of this functionality and more. Join co-presenters Jason Schackai from Sassafras Software and Gene Mayro from Temple University for this demonstration of the product, including a peek at Temple’s real-world implementation and learn how you can provide students, faculty, and staff with easy, intuitive access lab availability information, including:– Hours of operation– Daily and weekly demand forecast – Real-time computer log-in status, including operating system and installed software– Lab software availability list, installation count, and software locator– Campus-wide software search for tracking down alternate locations for critical applications

Lab administrators can even use KeyServer’s Lab Maps to monitor system health across campus, direct security, and review a heat map of the most used computers. At the end of the session, attendees will be provided a “sneak preview” of powerful new drawing tools for managing graphics, designing lab floorplans, and quickly laying out computer icons, all in the same place.

The Academic Lab Management Conference, also known as LabMan, was formed back in 2000 for professionals responsible for the maintenance of computer labs in education settings. As technology in labs continues to evolve, LabMan focuses on the overarching aspects of academic computing services which includes computer labs, bring your own device (BYOD), wireless support, classroom support, and innovation spaces for students and other patrons.

Sassafras Software is a Gold Sponsor at LabMan. This is a great Conference that we have attended in prior years, and a natural fit given our Availability Maps and Software Licensing functionality. For an idea of how K2 has been used in Labs, take a look at a case study about Lab Planning at Boise State University.

Like many of our clients, Rochester Institute of Technology College of Imaging Arts and Sciences originally purchased their KeyServer many years ago for management of concurrent use software titles like Adobe Creative Suite, and although the KeyServer has been running steadily for the last 20 years, the shift toward cloud has reduced their need for active launch management. Fortunately, RIT has discovered that KeyServer isn’t just a one concurrent trick pony, but a Swiss army knife of network management tools and computer usage statistics.

They used to export to Excel and create pivot tables from data using Hardware Text Dump, but RIT came to the conclusion that they needed to do more to track and manage the hardware on their network after an internal IT audit; and because their KeyServer was already collecting hardware and software stats from all the computers on the network, they naturally made it an integral part of the Hardware Asset Management system they put in place. Using KeyServer’s ability to export computer and software data into custom built or 3rd party systems (via MySQL export in this case, though many other options are available), RIT is now importing KeyServer data into their their custom-built Atlassian JIRA databases to track when and how computers are used, to manage the hardware lifecycle, and determine what areas are over- and under-utilized.

The Laptop upgrades report in Jira imports computer model name and division from KeyServer, but also allows for budget year tracking in Jira.

They have even managed to use KeyServer to track down lost and stolen hardware based on MAC and IP addresses! In one instance, they were able to help a staff member locate a computer she had left in a hotel during a business trip, and in another case they were able to identify and locate a man who had stolen a laptop from campus! Additionally, they have also been able to quickly drill down and find specific hardware that meets certain criteria, like computers that are ready for virtual reality applications based on GPU, CPU, RAM requirements.

This is the College’s custom Software Renewal dashboard, which integrates data from KeyServer but also allows RIT to manage their own priority levels and labels.

Hardware properties stored in KeyServer are all imported into the Jira database automatically.

In addition to default KeyServer fields, the college can add additional lifecycle status, department, and other information to hardware reports in Jira. Custom fields in KeyServer can also be used to store this data with a bi-directional read-write configuration.

Their system continues to evolve as new questions arise and new capabilities are discovered, and they feel confident that they are fully prepared to pass the next hardware and/or software audit with flying colors.

Without a Software Asset Management product monitoring installation and usage of software, comparing them to entitlement counts using the correct metric, it can be nearly impossible to remain in compliance with publishers’ terms and conditions. And although it’s the government’s job to enforce contract law—and it has been particularly aggressive in doing so over the past few years—that doesn’t mean it always follows the law or effectively manages its own software usage in accordance with licensing limits.

As reported by TechWorm, the US Navy is in hot water over what may be one of the largest breaches of software licensing in history, in terms of sheer quantity. A complaint filed by the German company Bitmanagement, makers of “BS Contact Geo” a 3D geographic visualization (virtual reality) application, alleges that the US Navy pirated over $600,000,000 worth of software by installing it onto 558,466 computers without authorization. According to the complaint:

Even as it negotiated with Bitmanagement over the proposed large-scale licensing of its product, the Navy was simultaneously copying and installing that software, without Bitmanagement’s advance knowledge or authorization, on a massive scale.

The details of the case are as entertaining as they are terrifying—to think that even the federal government of the United States could unintentionally make itself liable for potentially over half a billion dollars worth of VR software, all because of one uninformed decision, goes to show how easy it could be to accidentally sink your own license compliance battleship. What is particularly interesting though, is that the mistake was a simple misunderstanding about the appropriate licensing metric for this software. The Navy believed that it had a concurrent use license for 100 entitlements – in which case the number of installs is entirely irrelevant – the critical part is simply to ensure that the limit of 100 copies running it once is never exceeded. This can be done either with the internal tracking code provided by the software manufacturer, or by third-party license management software like KeyServer.

In this case, however, not only was no one tracking usage to avoid the concurrent use overages, but that wasn’t even the correct metric. Now the Navy is learning the hard way the difference between Concurrent Use and Node licensing metrics, not to mention how important it is to know what you own, track what you install, and don’t use more than you are entitled to.

According to the Navy, it was all a misunderstaning. Have they heard the FBI’s opinion of that excuse? Bitmanagement sees it another way:

Over time, however, it became clear that the Navy had no intention to pay Bitmanagement for the software it had copied without authorization, as it declined to execute any license on a scale commensurate with what it took.

KeyServer can’t stop a rogue admin from pushing out millions of dollars of software without paying for it, but it can help you locate software that shouldn’t be installed open your network, and identify areas where you are out of compliance with the terms and conditions of your licensing contracts. Policy-based license enforcement can automatically manage usage limits by blocking the launch of software when it would represent a breach of contract. Audit reports can be used to identify unauthorized installations, and Usage and Compliance reports, when compared to entitlement metrics, can tell you what your potential liability could be if you were audited.

]]>http://www.sassafras.com/us-navy-allegedly-pirates-half-billion-dollars-worth-vr-software/feed/0Boise State Leverages KeyServer for Lab Planninghttp://www.sassafras.com/boise-state-leverages-keyserver-lab-planning/
http://www.sassafras.com/boise-state-leverages-keyserver-lab-planning/#respondWed, 11 Apr 2018 18:56:43 +0000http://www.sassafras.com/?p=2603For years, Boise State University has relied on usage statistics gathered by KeyServer not only to optimize software expenditures but also to determine how public computers are used and how best to configure labs. In 2013, they were honored by University Business Magazine as a “Model of Efficiency”.

The result of their work was indeed impressive:

… to staff the labs and open the walk-in support centers would have cost an additional $140,000 in student labor, plus $25,000 for added hardware to keep pace with demand, for a total of $165,000. Instead, the university simply made better use of what it already had.

In order to achieve this result, Boise State relied on the detailed login and software usage events recorded by KeyServer in order to assess computer and lab usage – as well as similar data from other systems that monitor Printers and wireless access points.

The key was in moving computers closer to students and classrooms. Using Sassafras KeyServer, Fitzgerald and his team tracked which lab computers were getting the most usage in terms of number of students logging in and amount of time spent. Based on that data, computers in seven manned labs were consolidated into three and employees from the four labs that were shuttered were reassigned to new walk-in centers. The remaining computer units were dispersed into lobbies and common areas. The result: computer usage has gone up 20 percent.

The full article can be found here: https://news.boisestate.edu/update/2014/01/30/boise-state-honored-model-efficiency/

Since 2013 when that article was published, KeyServer has had four major releases, and functionality for lab and hardware management has continued to grow and improve. Most notably, Lab Availability Maps were added in version 7.2 Not only does this allow students to have a live view of available computers (making computer usage more efficient), it also gives Administrators a “Heat Map” to analyze usage patterns.

Administrator heat map

Additional reports were also added to analyze data in new ways. For example, the Login Peaks report specifically lets you look at usage of labs hour-by-hour and day-by-day.

Login Peaks (DIV)

It is immediately apparent in the picture above that this lab is most busy on Thursdays around 1PM. In this example there are no hours where usage drops to zero but if there were it would be easy to identify. This is exactly the sort of data that was used at Boise State University, and at other sites to rationalize computer lab deployments (e.g. see also the Evergreen State College case study).

We reached out recently to Mark Fitzgerald at Boise State University, who added:

We are still using the data to figure out which computers are being used and to what extent. We make changes every year based on it.

With another major release of KeyServer due this summer, you can expect to see some really exciting further improvements to maps which will make setup even easier and more flexible than ever.

If you would like to share with us how you’ve used KeyServer to save money, we’d love to hear it. Call or email us!

If you watched or took part in our last two KeyServer Fundamentals webinars, by now you should have all the information you need to organize your computer network and manage your software products with properly configured polices. In the next webinar, Reporting Strategies and Objectives, we’re going to talk about making use of the data you’ve been collecting.

If you’re like many of our clients, your organization may have already decided to purchase a site license for Adobe Creative Cloud and/or Microsoft Office. And, while “giving in” and buying more than you really need for simplicity’s sake might have made sense during the transition to subscription licensing, ubiquitous installation actually provides you with an opportunity to gain insight into an invaluable usage metric: who, based on actual usage and unlimited availability, really needs what?

Do you have faculty or students who “need” Adobe Illustrator, but haven’t used anything other than Acrobat in the last 6 months? What about Microsoft Office Pro Plus users who use nothing but Word and Excel? Let’s find out! Armed with this information you will be fully prepared for your next renewal negotiation. In addition to software usage reporting, we’ll also talk about hardware reports, value tags, report templates, time sets, exporting reports, KeyReporter dashboard widgets, and other custom options.

If you’re going to effectively track software usage in the age of cloud and subscription licensing models, you need to not only make sure that your hardware is properly organized into appropriate divisions so that you can tie usage to specific locations and groups of users, but you also need to be able to track software installation and usage, or even manage software launches depending on how you are entitled to use certain products. Therefore, in our second KeyServer Fundamentals webinar — Software Usage and Entitlement Tracking — we will be taking a closer look at Programs, Products, and Policies in K2 KeyServer. During this session, we’ll cover everything you to know to track installation and usage of every software product on your network, including:

REGISTER NOW

Name*

FirstLast

Email*

Phone

Organization

]]>http://www.sassafras.com/webinar-fundamentals-2/feed/0Upcoming Events in 2018http://www.sassafras.com/upcoming-events-2018/
http://www.sassafras.com/upcoming-events-2018/#respondMon, 12 Mar 2018 20:26:11 +0000http://www.sassafras.com/?p=2538As spring approaches (though you wouldn’t believe it by looking out the window), we’re finalizing our schedule this year for conferences we will be attending. If you will be at any of these, we hope you’ll stop by to say hello. Also listed are upcoming webinars.

May 2-3 – KeyServer Fundamentals webinar

May 8-10 – IAITAM ACE

May 22 – LabMan Preconference Workshops

On the 22nd, we’ll be offering a series of Preconference Workshops from 8:30 to 2:30 – visit the web site for full details. These sessions will be broad enough to be of interest to anyone handling Software Asset Management at their university, regardless of what tool they might use – but also very relevant for KeyServer admins as well.

We’ve heard it a thousand times: “We don’t need SAM anymore because Adobe and Microsoft went to the cloud, license management is built in for this and that, and we just buy site licenses for everything now.” In other words: “We can’t win. The publishers have boxed us into a corner, and Software Asset Management just helps us keep track of all the money we flush down the drain every year.”

Now is not the time to throw in the towel and “just pay them what they want.” In the age of cloud, subscription, and user-based licensing, Software Asset Management is more important than ever. It’s not just about keeping track of what you have: SAM is about buying only what you need.

Of all the machines on which you’ve installed Microsoft Office 365 Professional Premium Gold Plated Plus Super Enterprise Edition—how many have actually ever launched Microsoft Publisher, or Access, or OneNote?

Why, then, are you paying for it?

In our opinion, there is only one way to combat the data and research publishers use to figure out the most profitable licensing models: collect your own data, and arm yourself to the teeth with it during your next contract negotiation. That’s why, in this “back to the basics” series of webinars, we’re going to walk you through everything you need to know to properly configure your KeyServer for collecting the most helpful usage data for your next big renewal.

And because SAM starts with HAM, that’s where we’ll begin. We’d like to invite you to join us for Session 1 of our four-part KeyServer Fundamentals webinar series: Network Organization and Hardware Management.

Unless your KeyServer computer network is well organized and division management is automated, your usage data may be hard to untangle, and you’ll probably spend way too much (or not nearly enough!) time dragging and dropping machines here and there for maintenance and/or hardware refreshes. So, in preparation for our next webinar on Software Usage and Entitlement Tracking, we’re going to help you organize and automate your computer management system. You’re going to learn:

REGISTER NOW

Name*

FirstLast

Email*

Phone

Organization

]]>http://www.sassafras.com/webinar-fundamentals-1/feed/0SAM and K2 KeyServer in the Age of GDPRhttp://www.sassafras.com/sam-and-keyserver-in-the-age-of-gdpr/
http://www.sassafras.com/sam-and-keyserver-in-the-age-of-gdpr/#respondFri, 19 Jan 2018 22:17:43 +0000http://www.sassafras.com/?p=2327

In case you thought software license compliance wasn’t complex, confusing, or expensive enough already–say hello to GDPR, Europe’s well-intentioned approach to maximizing complexity, confusion, and cost in the name of personal data privacy and security.

What is GDPR?

GDPR stands for “General Data Protection Regulation.” It’s a new EU law with implications that reach far beyond the borders of the old world. The main purpose is to give Europeans more control over how their personal information is used by anyone who might come into possession of it. The most obvious category is an employer or university – but it also includes software companies, websites, and other online services. Its scope is not limited to information collected for administration, marketing or data mining – and with the amount of data out in the world today you can imagine how broadly scoped this law is. And because it applies to anyone, anywhere in the world, who transmits, stores, or otherwise processes the personal data of people located in the European Union, it even impacts organizations that do not typically fall under the jurisdiction of the EU government; whether they realize it or not.

What does it mean to “process personal data?”

The law defines personal data as “any information relating to an identified or identifiable natural person… such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” Not only does the law require anyone storing, transmitting or processing such data to get consent, but it also requires that said processing be “necessary” for a “legitimate” purpose. It’s not until you see that “processing” is defined as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,” that you can finally appreciate just how all-encompassing the law really is.

It seems absurd, but based on the letter of the law, a photographer would not only need to get your consent to erase a picture he accidentally took of you walking down the street in Paris (if said picture could potentially be used to identify you by, say, Facebook’s facial recognition), but even the act of erasing would still require a necessary and legitimate purpose! And let’s not even mention enforcement (the fines are huge).

Luckily, I don’t think the EU intends to fine us all millions of dollars for taking random pictures of the Eiffel Tower (though apparently they could). And fortunately, there seem to be two roads to the other side of GDPR: navigate through the cumbersome, complex, and confusing details, or simply go around them. In other words: set up processes and procedures that will allow you to get consent, prove necessity, and securely process personal data (the expensive route), or make sure that any data you collect cannot be used to identify its subject (i.e., anonymize it).

K2 and GDPR

From one perspective, GDPR runs contrary to the very core of Software Asset Management – which inherently involves gathering and analyzing user data; but that doesn’t mean that Sassafras is unprepared. There are two areas in particular that we wanted to talk about it in this article: data that gets sent back to Sassafras, and data collected and stored on your local KeyServer.

Data Transmission to Sassafras

As far as data transmittal between a remote KeyServer and Sassafras is concerned, our client software, KeyAccess, does not upload any data or communicate version status information to us. All communication from the KeyAccess client goes directly to your onsite KeyServer process.

With the Product Recognition Service enabled in your KeyServer, only product data is aggregated, summarized, anonymized, and then submitted to the Sassafras PRS service for normalization into a product record (which is then returned to your KeyServer); but this transaction does not include any data about individual computers or users. In other words: Sassafras does not and never has collected any personal data from the computers or users on your network.

Local KeyServer Data Collection

With regard to data collected, stored, and transmitted on your local network between KeyAccess, KeyServer, and KeyReporter, we are happy to report that, because K2 was engineered to maintain compliance with German privacy laws—which are what much of GDPR was based on—your KeyServer can easily be configured in a way that maintains strict compliance with GDPR requirements. Settings that allow you to anonymize the computer and user names of end users make the users unidentifiable, therefore avoiding many of the law’s stringent and complex requirements.

Without turning these settings on, it will still be possible to use KeyServer in compliance with GDPR, but remember that certain requirements, discussed above, regarding consent and notification about data being collected, how and why it is used and stored, etc., will, at the moment, have to be managed outside of KeyServer. We are considering ways that we might be able to incorporate these aspects of compliance into KeyServer in the future, but these decisions will be made based on user requests and feedback.

Conclusion

The practice of Software Asset Management is deeply affected by GDPR, as a lot of user data goes into computing license usage and consumption. However, because we suspect that the Software Asset Management industry as a whole will move toward anonymization of personal data, which is not critical to effective asset management, rather than dealing with the overhead of consent, data management, breach notification, not to mention the significant legal and financial risk associated with storing and transmitting unnecessary private data.

]]>http://www.sassafras.com/sam-and-keyserver-in-the-age-of-gdpr/feed/0ITAM Lifetime Achievementshttp://www.sassafras.com/itam-lifetime-achievements/
http://www.sassafras.com/itam-lifetime-achievements/#respondTue, 21 Nov 2017 21:35:29 +0000http://www.sassafras.com/?p=2300On November 10, I traveled to Maidenhead, England to attend the annual ITAM Review Awards Banquet and present a Lifetime Achievement Award to a surprised colleague, David Bicket. David recently volunteered his time for 7 years to lead a distinguished group of Software Asset Management and IT Asset Management (SAM/ITAM) savants in developing a remarkable set of industry standards.

It was a fitting journey for me to take in my last month as VP of Business Development at Sassafras Software. While closing a chapter on a long and rewarding career at Sassafras I was also opening new pathways with a growing community of supporters who will help to launch me into my next big thing. More on that later.

David Bicket spent thirteen relatively tranquil years as a Manager and then a Director of Enterprise Risk Services at Deloitte Belgium. And then, as he puts it, he began the task of “herding some very rowdy cats” when he accepted the nomination as Convener of the International Organization for Standards “Working Group 21.” The ISO WG21 group is responsible for building and maintaining SAM and ITAM standards.

I joined WG21 the following year and was immediately appointed as Convener of the ISO/IEC 19770-3 Development Group, where I served as lead author of the 19770-3 Software Entitlements standard – and continue to serve alongside Dave and many other colleagues.

These have been remarkable years, under Mr. Bicket’s leadership, for the development of ITAM standards and the maturing of a rapidly expanding profession. As Steve Klos of TagVault.org said:

We now have a full set of standards… that we can use in the industry to make it a better place.

Congratulations Dave! It has been a joy to serve alongside of you.

That brings me back to my story. After 26 remarkably successful years as a team member, building one of the notable pioneering companies in the SAM/ITAM industry, I am changing my life-focus to pursue a growing need in the world. I plan to stay active, part-time, in the ITAM industry in a few ways; through standards development, writing, teaching, speaking at conferences, and general rabble-rousing whenever the opportunity presents itself.

But my main interest is in increasing my direct efforts in Parkinson’s research and in educating the Parkinson’s community throughout North America and the United Kingdom on ways we can beat back the disease and improve the quality of our lives.

Some of you know of my volunteer work with the Parkinson’s Foundation as a Research Advocate. I will continue that work while I make efforts to spawn “Dance for Parkinson’s” programs modeled after the 2-year program that I currently co-instruct. And I am presently working with a team of Neurologists and scientists to develop a new exercise study for Parkinson’s that I will work on as a co-investigator.

I am also presently developing a project plan to take my bicycle on the road in 2018 to hosted events around the USA (and possibly the UK) where I will team up with Neurologists and cycling communities to teach people with Parkinson’s how they can overcome many of their struggles with PD through cycling/spinning – and to raise money for research through the Parkinson’s Foundation.

If you have suggestions for candidate communities that might host me for a Parkinson’s educational and research fund-raising event, please let me know.

If you would like to follow my future endeavors – both in the ITAM world and in Parkinson’s projects – you may connect with me on Linkedin or on Twitter.